OpenFleet

Warn

Audited by ClawScan on May 10, 2026.

Overview

OpenFleet is coherent for managing an agent workspace, but it gives broad control over autonomous agents and can expose your local OpenClaw gateway to remote OpenFleet tasks.

Install only if you are comfortable giving OpenClaw broad control over your OpenFleet workspace. Be especially cautious with the Cloudflare tunnel/gateway setup, use the least-privileged API key available, review any MCP configuration changes, and require confirmation before triggering pulses, approvals, deletions, or recurring automations.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A connected agent could change or approve work, archive tasks, create recurring automations, or start fleet activity if it decides those actions satisfy the user request.

Why it was flagged

The skill exposes tools that can mutate workspace state, create recurring workflows, and start agent execution cycles. The artifacts do not describe confirmation requirements, authorization limits, dry runs, or rollback behavior for these actions.

Skill content

`openfleet_update_task` | Update title, description, status, priority, or tags ... `openfleet_delete_task` | Archive ... `openfleet_create_automation` ... `openfleet_trigger_pulse` | Trigger an agent work cycle (health check + assignment + execution)

Recommendation

Use explicit confirmations for create/update/delete/approve/trigger actions, review requested changes before execution, and restrict the API key to the minimum workspace permissions available.

What this means

If configured broadly or incorrectly, remote OpenFleet tasks could reach your local OpenClaw environment and cause agents to act on local tools, files, or connected services.

Why it was flagged

The skill documents a remote-to-local execution path through a public tunnel. Although a token is mentioned, the artifacts do not explain origin validation, task authorization, allowed actions, data boundaries, or containment for work sent through the gateway.

Skill content

`OpenFleet → OpenClaw` | OpenFleet sends tasks to your gateway for execution ... `cloudflared tunnel --url http://localhost:18789` ... `Connect the tunnel URL + token in OpenFleet Settings`

Recommendation

Only expose the gateway if needed, use strong scoped tokens, restrict network access where possible, monitor gateway activity, and verify what kinds of tasks OpenFleet is allowed to send.

What this means

Anyone or any agent with access to this environment variable may be able to manage your OpenFleet workspace through this skill.

Why it was flagged

The API key requirement is expected for an OpenFleet integration, but it likely grants meaningful workspace access because the skill can list, create, update, approve, archive, and trigger OpenFleet resources.

Skill content

`requires: env: - OPENFLEET_API_KEY` ... `export OPENFLEET_API_KEY=ofk_your_key_here`

Recommendation

Use a least-privilege key if OpenFleet supports scoped keys, keep it out of logs and shared shells, rotate it periodically, and remove it from environments where the skill is not needed.

What this means

Running the setup may install or execute code from npm and change MCP configuration for local agent clients.

Why it was flagged

The skill relies on an external npm package and documents an automatic MCP configuration wizard. This appears central to the integration, but the package code and a pinned version are not included in the reviewed artifacts.

Skill content

`npx @open-fleet/mcp-server setup` ... `OPENFLEET_API_KEY=ofk_xxx npx -y @open-fleet/mcp-server` ... `The setup wizard auto-detects Claude Code, Cursor, and Windsurf and configures MCP automatically.`

Recommendation

Review the npm package and its publisher before running it, prefer pinning a known version, and inspect any MCP configuration changes made by the setup wizard.

What this means

A mistaken task, automation, or pulse could cause repeated or broad work across the agent fleet rather than a single isolated action.

Why it was flagged

Pulse triggers and recurring automations can cause one user or agent action to propagate into multiple future agent actions, but the artifacts do not describe containment, review queues, rate limits, or stop conditions.

Skill content

`Trigger an OpenFleet pulse to assign queued tasks and start agent work` ... `Create a scheduled automation (hourly → monthly)`

Recommendation

Keep automations disabled until reviewed, use conservative schedules, monitor activity after triggering pulses, and make sure there is a clear way to stop or roll back fleet actions.